CONTACT INFORMATION
James O. (Jim) Truitt 1-770-650-5705 (home)
2115 Old Forge Way http://jotruitt.tripod.com/
Marietta, GA 30068 E-mail: [EMAIL PROTECTED]
INTRODUCTION
Over twenty years' experience in all aspects of the software/system life
cycle. Progressing from Software Developer, to System Integrator, to Task
Leader, to Systems Engineer, to Information Systems Security Professional.
I have been actively involved with network, computer and information
security as an Information Systems Security Professional since 1989.
CERTIFICATION
Certified Information Systems Security Professional (CISSP)
EDUCATION
University of Florida Math Masters/Bachelors
CLEARANCE
DoD Top Secret clearance, with SBI. (last active June 1998)
SKILLSETS
security, network security, computer security, information security,
security policy, security program, security architecture, intrusion
detection, penetration testing, security plan, security awareness, risk
management, risk review, risk assessment, assurance, security engineer,
security analyst, security consultant, security administration, security
testing, security management, biometrics, forensics, disaster recovery,
business continuity, security audit, privacy, encryption, PKI, information
warfare, information protection, information assurance, web security,
ecommerce security, security consulting, security training, security mentoring
WORK HISTORY
Georgia TEMP (6/02 - 8/02)
Position: 3 month contract
My responsibilities included: risk assessments, policy review and
development, project management, process re-engineering, new technology
review, internal security consultant.
Worldspan (7/98 - 11/01)
Position: Information Security Engineer
My responsibilities as Information Security Engineer included:
Providing leadership and direction for the Worldspan Information Security
Program. Facilitating and providing guidance to the Worldspan Security
Council (VPs and Directors) and the Worldspan Security Working Group
(Managers and Administrators). Establishing policies, standards,
guidelines, procedures, and controls ensuring the security and integrity of
all Worldspan computing environments, networks, systems, and information
assets. Defining and developing methodologies, processes and procedures for
penetration testing, vulnerability scanning, log monitoring and incident
management. Working with the Development, Roll-Out and Quality groups to
incorporate security into their respective processes. Providing support to
Internal Audit in developing and conducting security audits and reviews.
Acting as liaison with the Legal Department on matters of electronic
privacy, acceptable use, terms of service and 3rd party agreements.
Assisting the Regulatory Group with the annual European Union Audit and
Worldspan privacy initiatives. Providing security consulting and expertise
to all Worldspan projects. Promoting security awareness across the
enterprise with security web pages, security presentations and security
reading rooms. Performing risk reviews, risk assessments and product
reviews for Worldspan functional groups, such as Human Resources, Finance
and Product Development. Supporting Technical Operations and Internal
Systems with the planning and design of security solutions for all Intranet
and Internet connectivity. Assisting the Marketing Group in responding to
security questions and issues that come up as part of the proposal process.
Booz-Allen & Hamilton (1/97 - 6/98)
Position: Senior Associate
Network Security and Information Assurance (IA) task area leader supporting
the IA Branch of N5 of the National Communications System (NCS). This
includes supporting the Network Group (NG) and Information Infrastructure
Group (IIG) of the President's National Security Telecommunications
Advisory Committee (NSTAC). Additionally I was involved in the Firm's
Information Security (IS), Information Warfare (IW), Infrastructure
Protection (IP) and IA activities.
SSDS, Inc. (11/95 - 5/96)
Position: Security Engineer
GlaxoWellcome Firewall migration. Supporting the customer's project to
consolidate two existing firewalls (TIS Gauntlet and DEC SEAL) into a
single new firewall (TIS Gauntlet). Involved in business development
activities. Assisted in the development of security services offerings.
General Research Corporation International (6/95 - 11/95)
Position: Information Systems Security Engineer
Defense Investigative Service (DIS) Integration program
Information Systems Security Engineer for the integration
effort. Responsible for the integration of security controls in the
overall DIS integration effort. Responsibilities include: review of the DIS
Computer System Security Plan (CSSP), review and refine security
requirements, provide support to the test organization for developing
security test plans and procedures, define and create a Security
Integration and Test Environment (SITE), interface with customers to
resolve security issues and develop solutions for the program, work with
vendors to assess how their products may be applied as part of the DIS
security solution, assist in the development of a Continuity of Operations
Plan (COOP) for DIS.
Harris Information Systems Division (10/89 - 12/94)
Position: Staff Engineer
National Crime Information Center (NCIC) 2000 program Security Engineer.
Total responsibility for security in the developed system. A major
component of the security effort was the development and integration of an
intrusion detection capability.
* Security requirements analysis and allocation
* Security presentations at program reviews:
System Requirements Review (SRR), System Design
Review (SDR), Preliminary Design Review (PDR),
Critical Design Review (CDR), In Process Reviews
(IPRs), Technical Interchange meetings (TIMs)
* Create security documentation:
System Security Plan (SSP), Security Architecture,
Security CONOPS, Security Policy, Trusted Facility
Manual (TFM)
* Designed Intrusion Detection subsystem:
Hardware/software components, generate design
documentation; Prime Item Specification (B1),
Software Requirements Specification (SRS),
Interface Control Document (ICD)
ISDN Security Program. Exposure to ISDN protocol, ISDN services, ISDN
security, ISDN Key management services, Secure Data Network System (SDNS)
security protocol. (study)
DNS team. The DNS team designed the replacement network for
NASA's back-end DNS, migrating from dedicated point-to-point
communication lines to a true networked environment using the TCP/IP
protocol suite. Tasks dealt with computer/network security issues/concerns
associated with this migration. This culminated in a 75 page Security White
Paper and four ESRs to implement the paper's recommendations.
* Performed Risk Analysis:
identified assets and threats, evaluated vulnerabilities,
determined probabilities and assessed impact due to
breach of security
* Developed recommendations for risk mitigation
* Proposed controls included:
firewalls, gateways, packet filtering, hand-held
authenticators, restricted shells, use of proxies,
Kerberos
* Network architecture: FDDI backbone bridged to FDDI
global buses, in turn routed to Ethernet LANs
* Worked with routers, bridges, comm servers
* Worked with TCP/IP, SNA, GOSIP/OSI
* Worked with Ethernet, Token Ring
* Generated estimates for cost and schedule to implement
security ESRs selected from DNS Security White Paper
* Researched and evaluated the feasibility of implementing
hand-held authenticators for access control
Range Operations Checkout and Control (ROCC) program.
Provided coding support in the areas of data acquisition
and display processing. Development was done per
DoD-STD-2167A.
* Design, code, test, integrate, document custom software
* Designed, coded, implemented test drivers and automated
test files
* PDL, Peer reviews, code walkthroughs
* 17 CSUs, 125 modules, 40,000 LOC (these are approximate
values)
* Involved re-engineering a large amount of legacy code
Cost History Database (CHDB). Designed and implemented an
Oracle database to house project measures and metrics
related to project estimated and actual cost and schedule.
Designed and implemented Sequel screens to access, format
and display the data. Designed and implemented standard
reports.
Harris Controls Division (12/77 - 10/89)
Position: Associate Principal Engineer.
Real-time Supervisory Control and Data Acquisition (SCADA)
systems for electric utilities. Activities covered all areas
of system development; system configuration and build;
database configuration and build; system integration and test.
Developed and taught custom courses and provided support
for problem resolution (phone support and on-site support).
Designed, coded, integrated, tested and documented custom code.
General categories included: Data Acquisition (DAC),
Man-Machine-Interface (MMI), Database (DB), data links and
handlers. The coding was done in assembly language and
FORTRAN. Other activities included Task Leader and
proposal support.
Computer Science Corporation (10/77 - 12/77)
Position: Scientific Programmer.
Continuation of work done for Federal Electric Corporation.
Federal Electric Corporation (6/77 - 10/77)
Position: Scientific Programmer.
Centaur launch support. Maintained programs written in
Honeywell's GMAP assembly language and provided programming
support to the weather office at the Kennedy Space Center.
Designed, coded, tested and integrated a program to plot wind
shears. Programming was done in BASIC.
Brevard County School Board (3/71 - 6/77)
Position: Teacher, Secondary Mathematics.
- Resume - Information Systems Security Professional Jim Truitt
